Vendor CVEs
Lenovo
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3746 | Hig | 0.51 | 7.8 | 0.00 | Aug 29, 2017 | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | ||
| CVE-2017-3756 | Hig | 0.51 | 7.8 | 0.00 | Aug 18, 2017 | A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | ||
| CVE-2017-3751 | Hig | 0.51 | 7.8 | 0.00 | Aug 10, 2017 | An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | ||
| CVE-2017-3748 | Hig | 0.51 | 7.8 | 0.00 | Jun 29, 2017 | On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). | ||
| CVE-2017-3745 | Hig | 0.51 | 7.8 | 0.00 | Jun 20, 2017 | In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and… | ||
| CVE-2015-4596 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||
| CVE-2016-8228 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2017 | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | ||
| CVE-2016-1876 | Hig | 0.51 | 7.8 | 0.00 | May 23, 2017 | The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | ||
| CVE-2015-8110 | Hig | 0.51 | 7.8 | 0.01 | Apr 24, 2017 | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator… | ||
| CVE-2016-8235 | Hig | 0.51 | 7.8 | 0.00 | Apr 10, 2017 | Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | ||
| CVE-2016-8227 | Hig | 0.51 | 7.8 | 0.00 | Jan 26, 2017 | Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | ||
| CVE-2016-8225 | Hig | 0.51 | 7.8 | 0.00 | Jan 26, 2017 | Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | ||
| CVE-2016-8223 | Hig | 0.51 | 7.8 | 0.00 | Nov 29, 2016 | During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | ||
| CVE-2016-5247 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2016 | The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or… | ||
| CVE-2016-3804 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410. | ||
| CVE-2016-5249 | Hig | 0.51 | 7.8 | 0.01 | Jun 30, 2016 | Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | ||
| CVE-2016-2393 | Hig | 0.51 | 7.8 | 0.00 | Apr 11, 2016 | Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | ||
| CVE-2025-12048 | Hig | 0.49 | 7.5 | 0.00 | Nov 12, 2025 | An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system. | ||
| CVE-2025-10495 | Hig | 0.49 | 7.5 | 0.00 | Nov 12, 2025 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||
| CVE-2025-9319 | Hig | 0.49 | 7.5 | 0.00 | Sep 11, 2025 | A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions. | ||
| CVE-2024-4696 | Hig | 0.49 | 7.5 | 0.00 | Jun 13, 2024 | A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | ||
| CVE-2024-3286 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2024 | A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. | ||
| CVE-2023-4857 | Hig | 0.49 | 7.5 | 0.01 | Apr 15, 2024 | An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. | ||
| CVE-2018-9065 | Hig | 0.49 | 7.5 | 0.00 | Jul 30, 2018 | In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA… | ||
| CVE-2018-9068 | Hig | 0.49 | 7.5 | 0.01 | Jul 26, 2018 | The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier… | ||
| CVE-2018-9067 | Hig | 0.49 | 7.5 | 0.01 | Jul 13, 2018 | The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | ||
| CVE-2017-3776 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2018 | Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | ||
| CVE-2017-3768 | Hig | 0.49 | 7.5 | 0.01 | Jan 26, 2018 | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common… | ||
| CVE-2017-3771 | Hig | 0.49 | 7.5 | 0.01 | Oct 26, 2017 | System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | ||
| CVE-2017-3743 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2017 | If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be… | ||
| CVE-2016-8231 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2017 | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||
| CVE-2016-8230 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2017 | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | ||
| CVE-2016-8236 | Hig | 0.49 | 7.5 | 0.01 | Mar 3, 2017 | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | ||
| CVE-2016-3944 | Hig | 0.49 | 7.5 | 0.02 | Jun 3, 2016 | UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | ||
| CVE-2016-1350 | Hig | 0.49 | 7.5 | 0.03 | Mar 26, 2016 | Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | ||
| CVE-2025-6248 | Hig | 0.48 | 7.4 | 0.00 | Jul 17, 2025 | A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content. | ||
| CVE-2024-27149 | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||
| CVE-2026-4134 | Hig | 0.47 | 7.3 | 0.00 | Apr 15, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges. | ||
| CVE-2024-8281 | Hig | 0.47 | 7.2 | 0.01 | Sep 13, 2024 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell. | ||
| CVE-2024-8280 | Hig | 0.47 | 7.2 | 0.01 | Sep 13, 2024 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. | ||
| CVE-2024-8279 | Hig | 0.47 | 7.2 | 0.01 | Sep 13, 2024 | A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | ||
| CVE-2024-38512 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | ||
| CVE-2024-38511 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | ||
| CVE-2024-38510 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | ||
| CVE-2024-38509 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | ||
| CVE-2024-38508 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. | ||
| CVE-2023-4855 | Hig | 0.47 | 7.2 | 0.01 | Apr 15, 2024 | A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI. | ||
| CVE-2022-0354 | Hig | 0.47 | 7.3 | 0.00 | Apr 22, 2022 | A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command… | ||
| CVE-2026-0827 | Hig | 0.46 | 7.1 | 0.00 | Apr 15, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file… | ||
| CVE-2015-8109 | Hig | 0.46 | 7.0 | 0.00 | Apr 24, 2017 | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator… |
- risk 0.51cvss 7.8epss 0.00
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.
- risk 0.51cvss 7.8epss 0.00
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
- risk 0.51cvss 7.8epss 0.00
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.
- risk 0.51cvss 7.8epss 0.00
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
- risk 0.51cvss 7.8epss 0.00
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and…
- risk 0.51cvss 7.8epss 0.00
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
- risk 0.51cvss 7.8epss 0.00
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
- risk 0.51cvss 7.8epss 0.00
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
- risk 0.51cvss 7.8epss 0.01
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator…
- risk 0.51cvss 7.8epss 0.00
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
- risk 0.51cvss 7.8epss 0.00
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
- risk 0.51cvss 7.8epss 0.00
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
- risk 0.51cvss 7.8epss 0.00
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
- risk 0.51cvss 7.8epss 0.00
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or…
- risk 0.51cvss 7.8epss 0.00
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
- risk 0.51cvss 7.8epss 0.01
Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.
- risk 0.51cvss 7.8epss 0.00
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.
- risk 0.49cvss 7.5epss 0.00
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.
- risk 0.49cvss 7.5epss 0.00
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
- risk 0.49cvss 7.5epss 0.00
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.
- risk 0.49cvss 7.5epss 0.00
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.
- risk 0.49cvss 7.5epss 0.00
A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.
- risk 0.49cvss 7.5epss 0.01
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.
- risk 0.49cvss 7.5epss 0.00
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA…
- risk 0.49cvss 7.5epss 0.01
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier…
- risk 0.49cvss 7.5epss 0.01
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.
- risk 0.49cvss 7.5epss 0.01
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.
- risk 0.49cvss 7.5epss 0.01
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common…
- risk 0.49cvss 7.5epss 0.01
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
- risk 0.49cvss 7.5epss 0.01
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be…
- risk 0.49cvss 7.5epss 0.01
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
- risk 0.49cvss 7.5epss 0.01
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
- risk 0.49cvss 7.5epss 0.01
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
- risk 0.49cvss 7.5epss 0.02
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
- risk 0.49cvss 7.5epss 0.03
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
- risk 0.48cvss 7.4epss 0.00
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.47cvss 7.3epss 0.00
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.
- risk 0.47cvss 7.2epss 0.01
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
- risk 0.47cvss 7.2epss 0.01
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.
- risk 0.47cvss 7.2epss 0.01
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.
- risk 0.47cvss 7.3epss 0.00
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command…
- risk 0.46cvss 7.1epss 0.00
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file…
- risk 0.46cvss 7.0epss 0.00
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator…
Page 2 of 10